Public key cryptography is typically used for secure communications over the Internet, for example, to distribute secret keys used in cryptographic algorithms. Public key cryptography is also used in digital signatures to authenticate the origin of data and protect the integrity of that data. Commonly used public key algorithms include Rivest, Shamir, Adleman (RSA) and Diffie-Hellman key exchange (DH). The public key algorithm may be used to authenticate keys for encryption algorithms such as the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES).
RSA and DH provide security based on the use of number theory. RSA is based on the difficulty of factoring the product of two large prime numbers. DH is based on the difficulty of computing discrete logarithms in finite groups. Typically, public key systems use 1024-bit parameters for RSA and DH.
Typically, a processor includes a Public Key Encryption (PKE) unit that performs cryptographic computations with very high performance. The PKE unit accelerates large modular exponentiation problems and is optimized to work with operands in the range of 512 to 4096 bits.
To provide high performance, these computations are performed using a variable number of operations. A side-channel attack is an attack that learns secret keys from information obtained from the physical implementation of a cryptosystem. For example, the information may be timing information or power consumption. A power monitoring attack is an attack that uses varying power consumption by a device during computation. A timing attack is an attack based on measuring how much time it takes to process different inputs, for example, due to performance optimizations to bypass unnecessary operations, branching, cache memory and operations (for example, multiplication and division) that run in a non-fixed time. Also, it may be possible to determine a key by observing data movement to/from memory or from/to a processor and measuring how long it takes to transfer information associated with a key.
One known method to prevent side-channel timing attacks is to design a program so that it is isochronous, that is, so it runs in a constant amount of time, independent of secret key values. However, this results in a significant loss in performance.
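The following added example (not part of the original text) contrasts a modular exponentiation whose number of multiplications depends on the secret exponent with a fixed-schedule Montgomery ladder that performs the same work for every exponent of a given length. The function names, the modulus and the sample exponents are assumptions chosen for illustration.

```python
# Added illustration (not from the source text). Python big integers are not
# constant-time; this only counts the modular multiplications each algorithm
# issues, the first-order signal a timing or power observer sees.

def cswap(a, b, bit):
    """Swap a and b when bit == 1 using masking instead of a branch."""
    t = -bit & (a ^ b)
    return a ^ t, b ^ t

def modexp_square_multiply(base, exp, mod, nbits):
    """Left-to-right square-and-multiply: multiplies only on 1 bits."""
    result, mults = 1, 0
    for i in reversed(range(nbits)):
        result = (result * result) % mod
        mults += 1
        if (exp >> i) & 1:                  # secret-dependent branch
            result = (result * base) % mod
            mults += 1
    return result, mults

def modexp_ladder(base, exp, mod, nbits):
    """Montgomery ladder: exactly two multiplications per exponent bit."""
    r0, r1, mults = 1, base % mod, 0        # invariant: r1 == r0 * base
    for i in reversed(range(nbits)):
        bit = (exp >> i) & 1
        r0, r1 = cswap(r0, r1, bit)
        r1 = (r0 * r1) % mod
        r0 = (r0 * r0) % mod
        r0, r1 = cswap(r0, r1, bit)
        mults += 2
    return r0, mults

# Constructed sample values: small modulus and 16-bit exponents for readability.
MOD = 2**61 - 1
BASE = 0x1234567
SPARSE_KEY, DENSE_KEY = 0x8001, 0xFFFF      # Hamming weights 2 and 16

if __name__ == "__main__":
    for key in (SPARSE_KEY, DENSE_KEY):
        _, sm = modexp_square_multiply(BASE, key, MOD, 16)
        _, ld = modexp_ladder(BASE, key, MOD, 16)
        print(f"key={key:#06x} square-and-multiply={sm} ladder={ld}")
```

The square-and-multiply count tracks the Hamming weight of the exponent, while the ladder always issues the worst-case number of multiplications, which is the performance cost of the isochronous approach.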
Although the following Detailed Description will proceed with reference being made to illustrative embodiments of the claimed subject matter, many alternatives, modifications, and variations thereof will be apparent to those skilled in the art. Accordingly, it is intended that the claimed subject matter be viewed broadly, and be defined only as set forth in the accompanying claims.